The Cybersecurity Skills Gap: You’re Looking at the Wrong Gap

Posted on by Admin
The Cybersecurity Skills Gap: You’re Looking at the Wrong Gap

Related Post


How many times have you heard “There is a skills gap in Cybersecurity!”  If you go on social media, you’ll likely hear it at least once a day.

The government is big on it, and organisations lament how difficult it is to find the ‘right talent’.

But here’s some news for you… There is NO SKILLS GAP.

Why there’s no gap

I have written on this topic previously, but let me come at it from a different perspective. 

Previously, I’ve stated that there is more of a ‘perception’ gap, where people entering the market think that they will almost immediately receive a starting salary of £25k+, with no experience or skills to speak of. In one online advertisement, I see them state that you can earn “£72k in Cybersecurity”, so that’s what people expect.

Then there are the recruiters who (invariably) don’t seem to understand technology or cybersecurity (and most just haven’t got a clue about Governance, Risk, and Compliance!). They will sometimes ask for experience of systems and languages that have only just entered the marketplace. I recall when GDPR first came into force in 2018, some recruiters were looking for ‘5yrs+ experience in GDPR’ when the ink was still wet on the bill!

But there is a bigger, and more important issue at play, which makes us believe the gap exists. We have not put two pieces of a very important puzzle together.

Neurodiversity

There is a skills gap because we are not doing enough to consider the neurodiverse amongst us as viable candidates.

At the GRC World forum #RISK London event on the 18th and 19th of October, there were some fantastic panel discussions, but none more important than the one entitled “Embracing Neurodiversity: Building Inclusive Workplaces for All Minds” led by Kasia Wojciechowska, Head of Growth – Future Tech Talent, Capita.

I listened intently to the discussion about how employers are still not getting their interview processes right when it comes to the neurodiverse among us. Job applications and interviews far too often continue to follow the same old predictable route, With a job description that doesn’t provide the applicant with any framework of what the job might look and ‘feel’ like.

Job descriptions focus on the employers ‘wants’, not the applicants ‘needs’. Do they talk about the hours of working? Do you explain how big the team is? What the working environment is like? Will they be working in an open office (with lots of noise) or a small office alone? 

What are you offering that makes your company attractive to the neurodiverse?

ACTION: Take a look at the last three job advertisements your company placed – who do they serve? Are they neurodiverse-inclusive? Are you taking a ‘one size fits all’ approach?

The Interview

Of all the things we do, I believe we’re getting the interview process wrong on SO many levels! For most people, the idea of an interview is a scary prospect, but imagine what that feels like for someone who is socially awkward, suffers from anxiety when being ‘forced’ to make eye contact, sit up straight, ‘look confident’.

Interviews are generally attended by two or three people from the hiring organisation, which to most people feels like a ‘firing squad’! Questions come in thick and fast, interrogating the candidate about their skills and experience.

In 2023, this is not good enough. How about asking the candidates about how they would like to work rather than telling them how they will work?

How about running open-house workshops where you invite candidates to participate in group tasks or ask them to carry out tasks related to the job they’ll be doing? If it’s pen-testing, ask them to play a game of ‘capture the flag’. If they’re going to be involved in coding, ask them to create a small application based on a specific requirement. The list goes on.

ACTION: Take a look at your interview process. If you’re still relying on interviews as being the only way to hire people, then you’re doing it wrong.

Conclusion

There is SO much to say on this topic, and I apologise I can’t contain it all here, but as prospective employers, we need to do better. Not just to ‘tick an ESG box’, but because the neurodiverse are SUPER talented! This is not a disability, it is a super-ability! The neurodiverse look at things differently; they see patterns where many don’t, and they see opportunities (and risks) where many don’t. But best of all, they aren’t afraid to tell you!

Please do not think I’ve got this topic nailed. I know I have more to do. But when looking at how I train people, I consciously think about the diverse needs of the audience.

When writing policies and procedures that I want people to follow, I consciously think about what they need to know and how it should be structured.

The point is that it is a conscious act. We all need to do better because there are a whole lot of people out there ready, able, and willing to work in YOUR organistation. 

In recent years, big brands like Microsoft, Hewlett Packard, and Vodafone have run autism-focused employment programmes. These efforts are intended to improve the diversity of workplaces and are focused on hiring for the neurodiverse.

So the next time you hear someone say that there is a skills gap, just remember that large companies are changing their approach because they recognise there is a rich stream of talent that everyone else seems to be missing.

There is NO skills gap. The gap is in your thinking.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.



Source link